CVE-2019-25257 - LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation
CVE ID : CVE-2019-25257
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command, ocr.Tesseract.path, and other system paths to execute arbitrary system commands with elevated privileges.
Severity: 6.5 | MEDIUM
CVE-2019-25258 - LogicalDOC Enterprise 7.7.4 Multiple Post-Authentication Directory Traversal Vulnerabilities
CVE ID : CVE-2019-25258
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to access sensitive system files like win.ini and /etc/passwd by manipulating path traversal sequences.
Severity: 7.5 | HIGH
CVE-2025-3232 - Mitsubishi Electric Europe smartRTU Missing Authentication for Critical Function
CVE ID : CVE-2025-3232
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands.
Severity: 7.5 | HIGH
CVE-2025-68914 - Riello UPS NetMan 208 SQL Injection Vulnerability
CVE ID : CVE-2025-68914
Published : Dec. 24, 2025, 8:16 p.m. | 58 minutes ago
Description : Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table.
Severity: 6.5 | MEDIUM
CVE-2025-68915 - Riello UPS NetMan 208 Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-68915
Published : Dec. 24, 2025, 8:16 p.m. | 58 minutes ago
Description : Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbanner_w.cgi XSS via a crafted banner.
Severity: 5.5 | MEDIUM
CVE-2025-68916 - Riello UPS NetMan 208 Remote File Inclusion Vulnerability
CVE ID : CVE-2025-68916
Published : Dec. 24, 2025, 8:16 p.m. | 58 minutes ago
Description : Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.
Severity: 9.1 | CRITICAL
CVE-2025-68917 - ONLYOFFICE Docs Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-68917
Published : Dec. 24, 2025, 8:19 p.m. | 55 minutes ago
Description : ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer.
Severity: 6.4 | MEDIUM
CVE-2025-68919 - Fujitsu Fsas Technologies ETERNUS SF ACM/SC/Express Management Software Authentication Bypass
CVE ID : CVE-2025-68919
Published : Dec. 24, 2025, 9:16 p.m. | 3 hours, 59 minutes ago
Description : Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express (DX / AF Management Software) before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality, integrity, and availability.
Severity: 5.6 | MEDIUM
CVE-2025-8769 - MegaSys Computer Technologies Telenium Online Web Application Improper Input Validation
CVE ID : CVE-2025-8769
Published : Dec. 24, 2025, 9:16 p.m. | 3 hours, 59 minutes ago
Description : Telenium Online Web Application is vulnerable due to a Perl script that is called to load the login page. Due to improper input validation, an attacker can inject arbitrary Perl code through a crafted HTTP request, leading to remote code execution on the server.
Severity: 9.8 | CRITICAL
CVE-2025-68920 - C-Kermit Remote File Overwrite/Vulnerable File Retrieval
CVE ID : CVE-2025-68920
Published : Dec. 24, 2025, 10:15 p.m. | 3 hours ago
Description : C-Kermit (aka ckermit) through 10.0 Beta.12 (aka 416-beta12) before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system.
Severity: 8.9 | HIGH
CVE-2025-15073 - itsourcecode Online Frozen Foods Ordering System contact_us.php sql injection
CVE ID : CVE-2025-15073
Published : Dec. 24, 2025, 11:15 p.m. | 2 hours ago
Description : A vulnerability was determined in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /contact_us.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 7.5 | HIGH
CVE-2025-68922 - OpenOps Terraform Remote Code Execution
CVE ID : CVE-2025-68922
Published : Dec. 25, 2025, 12:16 a.m. | 59 minutes ago
Description : OpenOps before 0.6.11 allows remote code execution in the Terraform block.
Severity: 7.4 | HIGH
CVE-2025-32096 - Pexip Infinity Denial of Service Vulnerability
CVE ID : CVE-2025-32096
Published : Dec. 25, 2025, midnight | 5 hours, 17 minutes ago
Description : Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.
Severity: 0.0 | NA
CVE-2025-66443 - Pexip Infinity Denial of Service
CVE ID : CVE-2025-66443
Published : Dec. 25, 2025, midnight | 5 hours, 17 minutes ago
Description : Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service.
Severity: 0.0 | NA
CVE-2025-32095 - Pexip Infinity Signalling Denial of Service
CVE ID : CVE-2025-32095
Published : Dec. 25, 2025, midnight | 5 hours, 17 minutes ago
Description : Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.
Severity: 0.0 | NA
CVE-2025-66379 - Pexip Infinity Media Denial of Service Vulnerability
CVE ID : CVE-2025-66379
Published : Dec. 25, 2025, midnight | 5 hours, 17 minutes ago
Description : Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service.
Severity: 0.0 | NA
CVE-2025-49088 - Pexip Infinity Denial of Service Vulnerability
CVE ID : CVE-2025-49088
Published : Dec. 25, 2025, midnight | 5 hours, 17 minutes ago
Description : Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.
Severity: 0.0 | NA
CVE-2025-48704 - Pexip Infinity Denial of Service Vulnerability
CVE ID : CVE-2025-48704
Published : Dec. 25, 2025, midnight | 5 hours, 17 minutes ago
Description : Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service.
Severity: 0.0 | NA
CVE-2025-59683 - Pexip Infinity Improper Access Control Denial of Service
CVE ID : CVE-2025-59683
Published : Dec. 25, 2025, midnight | 5 hours, 17 minutes ago
Description : Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of service.
Severity: 0.0 | NA
CVE-2025-66377 - Pexip Infinity Authentication Bypass
CVE ID : CVE-2025-66377
Published : Dec. 25, 2025, midnight | 5 hours, 17 minutes ago
Description : Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes within the installation.
Severity: 0.0 | NA
CVE-2025-66378 - Pexip Infinity RTMP Access Control Bypass Vulnerability
CVE ID : CVE-2025-66378
Published : Dec. 25, 2025, midnight | 5 hours, 17 minutes ago
Description : Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.
Severity: 0.0 | NA